STIGQter STIGQter: STIG Summary: Samsung Android (with Knox 2.x) STIG Version: 1 Release: 4 Benchmark Date: 22 Apr 2016: The Samsung Knox for Android platform must be configured to implement the management setting: whitelist DoD root and intermediate PKI certificates.

DISA Rule

SV-70323r1_rule

Vulnerability Number

V-56069

Group Title

PP-MDF-991000

Rule Version

KNOX-35-020700

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove non-approved server authentication certificates from the device.

On the MDM Console, modify the certificate whitelist so that it only includes DoD PKI-issued or DoD-approved server authentication certificates in the "Android Certificate Configuration" rule.

Check Contents

This validation procedure is performed on both the MDM Administration Console and the Samsung Knox for Android device.

Check whether the appropriate setting is configured on the MDM Administration Console:
1. Ask the MDM administrator to display the list of server authentication certificates in the "Android Certificate Configuration" rule.
2. Verify only DoD PKI-issued or DoD-approved server authentication certificates are present (Note: These may include those approved by the local command).

On the Samsung Knox for Android device:
1. Open device settings.
2. Select "Security".
3. Select "Trusted credentials".
4. Select the "User" tab.
5. Verify no certificates are listed, or that any that are listed have been authorized.

If there are unapproved device authentication certificates present on the MDM whitelist or on the "User" tab, this is a finding.

Vulnerability Number

V-56069

Documentable

False

Rule Version

KNOX-35-020700

Severity Override Guidance

This validation procedure is performed on both the MDM Administration Console and the Samsung Knox for Android device.

Check whether the appropriate setting is configured on the MDM Administration Console:
1. Ask the MDM administrator to display the list of server authentication certificates in the "Android Certificate Configuration" rule.
2. Verify only DoD PKI-issued or DoD-approved server authentication certificates are present (Note: These may include those approved by the local command).

On the Samsung Knox for Android device:
1. Open device settings.
2. Select "Security".
3. Select "Trusted credentials".
4. Select the "User" tab.
5. Verify no certificates are listed, or that any that are listed have been authorized.

If there are unapproved device authentication certificates present on the MDM whitelist or on the "User" tab, this is a finding.

Check Content Reference

M

Target Key

2699

Comments